A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and IV. Each message is encrypted in CBC mode and restarts with the fixed IV, leading to replay attacks of entire messages. There is no authentication of messages beyond the use of the fixed AES key, so message forgery is also possible.
Software House iStar Ultra door access control systems are vulnerable to critical security flaws. The use of a fixed AES key and IV for encrypting communications between the iStar Ultra and the IP-ACM Ethernet Door Module allows for replay attacks and message forgery, potentially enabling unauthorized access and control of physical security systems. This vulnerability poses a significant risk to organizations using these systems, allowing for complete compromise of physical security.
Step 1: Reconnaissance: Identify target iStar Ultra devices and IP-ACM modules on the network. Determine the firmware versions to confirm vulnerability.
Step 2: Packet Capture: Capture network traffic between the iStar Ultra and IP-ACM module. This can be achieved through network sniffing tools like Wireshark or tcpdump, or by mirroring traffic to a monitoring port.
Step 3: Decryption (Optional): While not strictly necessary for replay attacks, the attacker can decrypt captured traffic using the known fixed AES key and IV, potentially revealing sensitive information about access control configurations and user credentials. This step aids in understanding the message structure.
Step 4: Replay Attack: Identify a legitimate encrypted message that unlocks a door or performs a desired action, and replay the captured message to the IP-ACM module. Because the IV never changes and nothing authenticates the message or ties it to a particular exchange, the module decrypts the replayed message exactly as it did the original and executes the command, unlocking the door.
Step 5: Message Forgery: Analyze the structure of the encrypted messages. Craft a new, malicious message using the fixed key and IV to perform unauthorized actions, such as adding new users with elevated privileges, disabling security alarms, or opening doors at specific times. This requires understanding the message format and the commands supported by the system.
The vulnerability stems from the flawed implementation of encryption between the iStar Ultra and the IP-ACM module. The system uses AES in CBC mode, but critically it employs a fixed AES key and a fixed Initialization Vector (IV). This design choice eliminates the security benefits of the encryption. Because the IV is static, every message is encrypted from the same initial state, so identical plaintexts produce identical ciphertexts and a captured message remains valid indefinitely. This allows an attacker to capture and replay encrypted messages, effectively unlocking doors or manipulating access control functions. Furthermore, the lack of message authentication (e.g., a MAC or digital signature) means an attacker can forge messages: knowing the fixed key and understanding the message format, an attacker can craft commands that the system will trust, leading to complete control of the door access system. The root cause is a failure to follow basic cryptographic practice, specifically the use of a unique IV for each message and the inclusion of message authentication.
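The root-cause paragraph names the two missing controls: a unique IV per message and message authentication. As an added example, not code from the vendor, the advisory or the affected products, the Go sketch below shows a controller-to-module message layer with both properties: AES-GCM with a fresh random nonce per message, the sequence number authenticated as associated data, and a receiver that refuses any sequence number it has already seen, so a captured message cannot be delivered twice and a modified or forged message fails the tag check. The key, the wire layout and the command strings are assumptions constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Constructed key for this example only; a real deployment provisions a unique key per controller/module pair.
var key = []byte("0123456789abcdef0123456789abcdef")

const nonceLen = 12 // standard GCM nonce size
var aead = func() cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key length can fail here
	}
	a, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return a
}()

// Seal: fresh random nonce, sequence number authenticated as associated data, GCM tag over both. Layout: nonce || seq || ciphertext || tag.
func Seal(seq uint64, payload []byte) ([]byte, error) {
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	aad := binary.BigEndian.AppendUint64(nil, seq)
	msg := append(append([]byte{}, nonce...), aad...) // fresh buffer, so Seal never overlaps its inputs
	return aead.Seal(msg, nonce, payload, aad), nil
}

// Receiver keeps the highest sequence number it has accepted, so a captured message cannot be delivered twice.
type Receiver struct{ lastSeq uint64 }

func (r *Receiver) Open(msg []byte) ([]byte, error) {
	if len(msg) < nonceLen+8+aead.Overhead() {
		return nil, errors.New("malformed message")
	}
	seq := binary.BigEndian.Uint64(msg[nonceLen : nonceLen+8])
	if seq <= r.lastSeq {
		return nil, errors.New("replay: sequence number is not fresh")
	}
	pt, err := aead.Open(nil, msg[:nonceLen], msg[nonceLen+8:], msg[nonceLen:nonceLen+8])
	if err != nil {
		return nil, errors.New("authentication failed: forged or modified message")
	}
	r.lastSeq = seq // advance only after the tag has verified
	return pt, nil
}
```

The sequence check runs before the tag check only as a cheap filter; the receiver's state advances solely after GCM has verified the message, so an unauthenticated message cannot move the counter.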